Advertisements

Lawrence D'Oliveiro wrote:
> Used to be thought to be difficult or even impossible, can currently be done
> with less than USD1000 worth of equipment
> <http://blogs.techrepublic.com.com/security/?p=222&tag=nl.e036>.

Tapping fibre can be a simple process, as you've now discovered. There
are however complexities. With coax cable you only have one signal, with
fibre you can carry multiple signals at different wavelengths. So, the
device probably only works with Ethernet, not telecommunications
backbones etc.

Another potential issue is that tapping of optical fibres can be
detected even if the connection is not broken in order to insert a
monitoring device. Bending of the cable alters the angle of incidence,
preventing total internal reflection, and reducing the strength of the
signal at the destination. Any network that needs to be truely secure
should employ such monitoring. It makes sense even on encrypted links,
as a lot of traffic over a network is likely to be of a known structure.
This means someone silently listening on the network would have clues
that could weaken the encryption.

Advertisements

In message <fdfo9a$6tm$>, RL wrote:
> Another potential issue is that tapping of optical fibres can be
> detected even if the connection is not broken in order to insert a
> monitoring device. Bending of the cable alters the angle of incidence,
> preventing total internal reflection, and reducing the strength of the
> signal at the destination. Any network that needs to be truely secure
> should employ such monitoring. It makes sense even on encrypted links,
> as a lot of traffic over a network is likely to be of a known structure.
> This means someone silently listening on the network would have clues
> that could weaken the encryption.

Detecting eavesdropping is almost certainly a waste of time. Far better to
rely on eavesdropping-resistant protocols, such as the secure ones used
over the Internet (e.g. SSL, SSH).

The trouble with worrying about eavesdropping is it increases your exposure
to cry-wolf-type attacks, which are a form of denial-of-service attack.

This also is the fundamental problem with quantum encryption--it's so
sensitive to anything that looks like eavesdropping, that it will probably
be useless in practice.

Share This Page

Welcome to Velocity Reviews!

Welcome to the Velocity Reviews, the place to come for the latest tech news and reviews.

Please join our friendly community by clicking the button below - it only takes a few seconds and is totally free. You'll be able to chat with other enthusiasts and get tech help from other members.
Sign up now!